Remote console



  • Hi guys

    A few times I've had corrupted pfSense units that fail to boot and need re-flashing. I had an idea to leave an install USB inserted in these units (yes, set boot order to boot from eMMC by default) with some sort of remote console attached (please no flames about security, let's leave that for another topic…), so that I could ssh to the remote device and access the SiLabs console of the dead pfSense, re-flash it and get it back online. In the "old days" we had devices such as these that could give you remote access to a standard DB-9/RS-232 serial port. Since those are no longer on newer devices, I was wondering if a similar device existed that could provide remote access to this serial port.

    Thanks



  • A long shot, but how about something like this as a starting point:

    https://www.get-console.com/shop/en/27-airconsole


  • Rebel Alliance Developer Netgate

    If all else fails, use an rpi or similar, anything with a USB port and network access that can take the serial drivers. An rpi with USB hubs can act like a console MUX for USB/Serial connections.




  • Rebel Alliance Developer Netgate

    That won't help here.

    The ports he's referring to are not serial. They are USB-to-serial adapters on the SG firewall units. They are client devices that have to connect to a USB host.

    So unless you have something which sends USB over Ethernet -- which exists but seems dumb for this -- you need to connect that to a USB host like a PC, another server, a small box like a bbb/pi/etc.



  • @jimp:

    That won't help here.

    The ports he's referring to are not serial. They are USB-to-serial adapters on the SG firewall units. They are client devices that have to connect to a USB host.

    So unless you have something which sends USB over Ethernet -- which exists but seems dumb for this -- you need to connect that to a USB host like a PC, another server, a small box like a bbb/pi/etc.

    Fair enough. Good to know. Thank you, Jimp!



  • Right after posting to this forum, I found I could not get the funky "serial to USB" host drivers to work on any of my host systems (Mac, PC, etc.) to connect directly to a SG-1000 console port.

    (I may be showing my age, but all the prior networking equipment I used, mainly Cisco routers, always had real serial ports.  Physically, they use RJ-45 jacks, but a mechanical converter works for that.)

    Anyway, I have been informed by the Airconsole folks at www.get-console.com that their line of serial-to-WiFi and serial-to-Bluetooth console port adapters/terminal servers will also support these newer "serial to USB" console ports. (The Airconsole has a USB port on it.)

    They said they have drivers included for the most popular chipsets and a "can do" attitude if needed:

    "Yes, the Airconsole can connect to USB console ports. This does require that the Airconsole has an appropriate driver for the USB console port.

    The Airconsole ships with many USB serial drivers, including:

    If your device isn't on the list then we can usually add a driver in the next firmware release if the USB VID/PID is supplied."

    I've got one on order as it will be useful in other scenarios (emergency console port connection from mobile phone or tablets).

    Potentially, a robust gadget to have in one's toolkit.



  • Wow - cool thanks for posting that.  I will order one too to play around with.  ;)

    Edit: which one did you buy? They have so many models…


  • Galactic Empire

    @SpivR:

    Right after posting to this forum, I found I could not get the funky "serial to USB" host drivers to work on any of my host systems (Mac, PC, etc.) to connect directly to a SG-1000 console port.

    (I may be showing my age, but all the prior networking equipment I used, mainly Cisco routers, always had real serial ports.  Physically, they use RJ-45 jacks, but a mechanical converter works for that.)

    Anyway, I have been informed by the Airconsole folks at www.get-console.com that their line of serial-to-WiFi and serial-to-Bluetooth console port adapters/terminal servers will also support these newer "serial to USB" console ports. (The Airconsole has a USB port on it.)

    They said they have drivers included for the most popular chipsets and a "can do" attitude if needed:

    "Yes, the Airconsole can connect to USB console ports. This does require that the Airconsole has an appropriate driver for the USB console port.

    The Airconsole ships with many USB serial drivers, including:

    If your device isn't on the list then we can usually add a driver in the next firmware release if the USB VID/PID is supplied."

    I've got one on order as it will be useful in other scenarios (emergency console port connection from mobile phone or tablets).

    Potentially, a robust gadget to have in one's toolkit.

    I can confirm they work with USB to mini USB, I've used them on my SG-4860 and Cisco equipment.

    I went for the XL pro, there weren't as many different types when I purchased mine.



  • I bought the Airconsole standard (the one with the built-in battery).  I didn't really need the battery, but the price difference is small from the basic unit w/o battery and because shipping cost is a little higher than usual (it is from NZ), decided to get the better one anyway for the same shipping expense.

    If you are going to do a terminal server or remote console access, you should look into the Pro model because it includes a cloud license. I'm not planning on needing that so I haven't researched fully how their cloud service and multi-port servers work, so YMMV.


  • Rebel Alliance Developer Netgate

    Hardware console access via a cloud service? Talk about a major security vs convenience trade-off.

    None for me, thanks.


  • Galactic Empire

    @jimp:

    Hardware console access via a cloud service? Talk about a major security vs convenience trade-off.

    None for me, thanks.

    It is meant more for remote assistance than full-time access. It's handy if you have someone not very experienced trying to fix an issue with a device that's off the network: you connect via the iPhone app, connect to the server over 3/4G, then send a random link via email or chat to whoever is assisting you.

    You can even host your own server inside your network.



  • Is access via cloud the only option?  No option to directly connect to the units?



  • Cloud service is totally an optional setup/enhanced configuration.  By itself, the Airconsole connects locally over Wi-Fi or Bluetooth.  (Sorry if that was not the question).

    In terms of a cloud service, I would guess that if it has, or you can wrap it, with a good two-factor authentication, then it would probably be a reasonable security/access trade-off.  (After all, so much of the Internet runs on Amazon AWS "cloud" servers, right?)


  • Galactic Empire

    @luckman212:

    Is access via cloud the only option?  No option to directly connect to the units?

    Yes, you connect directly to the units if you are within wifi range.

    Basically it has two radios: one connects to your local wifi, the other acts as an AP.

    You then telnet / ssh to the device IP address using a non-standard port, or you browse to the device's web page and access the console part there.



  • Not to nit-pick, but I am pretty sure it has only one Wi-Fi radio and simply can configure it either in client mode (to connect to existing Wi-Fi router/network), or in direct/ad-hoc Wi-Fi mode to create its own mini Wi-Fi network.


  • Galactic Empire

    @SpivR:

    Not to nit-pick, but I am pretty sure it has only one Wi-Fi radio and simply can configure it either in client mode (to connect to existing Wi-Fi router/network), or in direct/ad-hoc Wi-Fi mode to create its own mini Wi-Fi network.

    Nope, it has two.

    "Airconsole can now concurrently operate as both an Infrastructure AP for the Airconsole-XX SSID, and simultaneously be a Wireless Client connected to another existing wireless network."

    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/5002473704/original/Airconsole_User_Manual_Full-v2.51.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJ2JSYZ7O3I4JO6DA%2F20161219%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20161219T203141Z&X-Amz-Expires=300&X-Amz-Signature=0ebecd4ad5029a07928df1598bf31d8f1999347bbec8a17a5276787ea12f979b&X-Amz-SignedHeaders=Host&response-content-type=application%2Fpdf


  • Rebel Alliance Developer Netgate

    At that cost, it's still cheaper to rig up a Pi or similar to multiple units with USB hubs. Probably still cheaper even with wifi on the Pi.

    You don't get the shiny case or polished UI, but rolling your own VPN for "cloud" style access would be easy.

    Heck it's almost the same cost to drop an SG-1000 on there to be your console access + OOB management firewall :-)



  • @NogBadTheBad:

    Nope, it has two.

    "Airconsole can now concurrently operate as both an Infrastructure AP for the Airconsole-XX SSID, and simultaneously be a Wireless Client connected to another existing wireless network."

    Unclear if that is the case.  I still believe it is one physical radio that is being configured in two modes.  This quote from the doc implies two logical interfaces, not two physical radios:

    "In AP Client mode an additional “Wireless2” interface is created (called “apcli0”). This interface operates separately and concurrently with the “Wireless1” interface which remains bridged through to the wired LAN port."

    Wi-Fi radios operate as a shared medium with only one station transmitting at a time. The "devil in the details" is how the right to transmit is passed along between stations (fairness, error control, bandwidth, etc.). With the right firmware, a single radio can switch modes between client mode and AP mode on a per-transmission basis and create multiple virtual radio interfaces. This is how most modern Wi-Fi routers can create multiple SSID networks (guest networks, segmented networks, etc.).

    Only the newer multi-band and true mesh Wi-Fi APs have multiple physical radios (and are expensive because of that).



    I have owned and used AirConsoles for some years now.
    There is only one radio installed in the device.
    You can configure WiFi and ETH to your liking: separate, bridged, client, server, with or without DHCP.

    If you can get access to the ETH port of the device remotely then you're good to go.

    The mini version is absolutely sufficient for what you want to do.
    The standard version is what it all started with and which I got. It adds a battery that's always empty when you need it - and only lasts about 4 hours fully charged. There's an XL version with a way bigger battery and a clumsy case.
    The available console cables (serial on RJ45 to USB) are Cisco compatible.

    Edit: image is of an early version 1 of the device and not the current 2.0